彻底隐藏文件
说明:U盘Auto病毒会利用这一设置隐藏自身文件,并同时隐藏文件后缀名。
# Controls whether Explorer shows files that carry the hidden attribute.
# The first group hides them, the last group shows them again; the two groups
# are alternatives and are not meant to be run as one script.
# NOTE(review): with SHOWALL\CheckedValue at 0 the "show hidden files" choice in
# Folder Options reportedly stops taking effect, which matches the USB-malware
# behaviour the page describes. Finding this value at 0 on a machine nobody
# tuned is a reason to investigate.
# NOTE(review): the third command of each group writes the same "Hidden" value
# as the second, so the later write wins (0 in the hide group). Possibly a
# different value name was intended (e.g. ShowSuperHidden or HideFileExt) -
# confirm before relying on it.
#--Hide hidden files--
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t REG_DWORD /v CheckedValue /d "0x00000000" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t REG_DWORD /v Hidden /d "0x00000002" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t REG_DWORD /v Hidden /d "0x00000000" /f
#--Restart the Explorer shell so the change is picked up (ping is used as a short delay)--
taskkill /f /im explorer.exe & ping 127.1 -n 3 >nul & explorer.exe
#--Restore display of hidden files--
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t REG_DWORD /v CheckedValue /d "0x00000001" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t REG_DWORD /v Hidden /d "0x00000001" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t REG_DWORD /v Hidden /d "0x00000001" /f
关闭默认共享
说明:系统默认会为每个卷开启文件共享,如C$、ADMIN$(末尾的$表示该共享目录不可见);一般环境的安全审计要求关闭默认共享,但域环境中可能需要通过RemoteRegistry服务远程部署软件,推送软件时也需要用到默认共享。
# Turns the automatically created administrative shares (C$, ADMIN$, ...) off
# or back on through the LanmanServer parameters. The first and last groups are
# alternatives.
# As the page notes, domain software deployment may depend on these shares, so
# check management tooling before disabling them on managed hosts.
# NOTE(review): "sc stop" returns once the stop request is accepted, so the
# chained "sc start" may run before the service has fully stopped - confirm the
# restart succeeded in the "net share" output.
#--Disable the default shares--
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /t REG_DWORD /v AutoShareServer /d "0x00000000" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /t REG_DWORD /v AutoSharewks /d "0x00000000" /f
#--List open share sessions, restart the Server service, then list the shares--
net file & sc stop LanmanServer && sc start LanmanServer && net share
#--Enable the default shares--
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /t REG_DWORD /v AutoShareServer /d "0x00000001" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /t REG_DWORD /v AutoSharewks /d "0x00000001" /f
加速菜单显示
# Shortens the delay before menus open and before mouse-hover actions trigger,
# for the current user only (HKCU). The last group writes back 400, the value
# the page treats as the original setting.
#--Adjust the menu display delay--
reg add "HKCU\Control Panel\Desktop" /t REG_SZ /v MenuShowDelay /d "200" /f
reg add "HKCU\Control Panel\Mouse" /t REG_SZ /v MouseHoverTime /d "200" /f
#--Restart the Explorer shell (ping is used as a short delay)--
taskkill /f /im explorer.exe & ping 127.1 -n 3 >nul & explorer.exe
#--Restore the menu display delay--
reg add "HKCU\Control Panel\Desktop" /t REG_SZ /v MenuShowDelay /d "400" /f
reg add "HKCU\Control Panel\Mouse" /t REG_SZ /v MouseHoverTime /d "400" /f
移除快捷方式箭头
# Removes the overlay arrow on shortcut icons by deleting the IsShortcut value
# from the .lnk and .pif file classes; the last group recreates the value as an
# empty string to bring the arrow back.
# Security-relevant side effect: without the arrow a shortcut is harder to tell
# apart from the file it imitates, so weigh that before applying it on shared
# machines.
#--Remove the arrow; this breaks the Win+X shortcut on Windows 10--
reg delete "HKCR\lnkfile" /v IsShortcut /f
reg delete "HKCR\piffile" /v IsShortcut /f
#--Restart the Explorer shell (ping is used as a short delay)--
taskkill /f /im explorer.exe & ping 127.1 -n 3 >nul & explorer.exe
#--Restore the arrow--
reg add "HKCR\lnkfile" /t REG_SZ /v IsShortcut /f
reg add "HKCR\piffile" /t REG_SZ /v IsShortcut /f
移除资源管理器中的OneDrive
# Deletes the current user's desktop namespace entry for OneDrive so that it no
# longer appears in File Explorer. The page gives no restore command, so export
# the key first (reg export) if the entry may be needed again.
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
修改远程桌面端口
# Moves the Remote Desktop listener from TCP 3389 to 53389, restarts the
# service, and shows how to move it back. The first and last groups are
# alternatives.
# A non-default port only reduces noise from casual scans; it is not access
# control. Keep Network Level Authentication on, restrict source addresses at
# the firewall, and avoid exposing RDP directly to the Internet.
# NOTE(review): the built-in Remote Desktop firewall rule presumably still
# targets 3389, so the new port needs its own inbound rule - confirm before
# restarting the service over a remote session, or the session may be lost.
#--Remote Desktop port 53389--
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /t REG_DWORD /v PortNumber /d 53389 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /t REG_DWORD /v PortNumber /d 53389 /f
#--Restart the Remote Desktop service; the find filter "3389" also matches 53389--
net stop TermService /y & ping 127.1 -n 3 >nul & net start TermService & netstat -ano | find /i "3389"
#--Restore the default Remote Desktop port--
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /t REG_DWORD /v PortNumber /d 3389 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /t REG_DWORD /v PortNumber /d 3389 /f
系统登陆提示语
# Sets the caption and text of the notice shown before sign-in, then logs the
# current user off so the notice can be seen. The last group clears both values
# by writing them without data.
# The caption and text are the author's examples; replace them with your own
# organisation's wording.
# NOTE(review): verify that "shutdown /l" accepts "/t" on the target Windows
# version.
#--Add the sign-in notice caption and text--
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_SZ /v legalnoticecaption /d "欢迎使用Windows 8.1操作系统" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_SZ /v legalnoticetext /d "该系统由Desen掌管,请使用授权帐户登录;若您未被授权请联系wsh11080329@qq.com,谢谢使用。" /f
#--Log off the signed-in user--
shutdown /l /t 15
#--Clear the sign-in notice caption and text--
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_SZ /v legalnoticecaption /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_SZ /v legalnoticetext /f
关闭IPv6协议
# Disables IPv6 through the Tcpip6 DisabledComponents bitmask and reboots; the
# last command removes the value to enable IPv6 again.
# NOTE(review): Microsoft's guidance documents 0xFF as the value that disables
# IPv6 and generally recommends preferring IPv4 (0x20) over disabling IPv6
# outright; 0x00ffffff also sets higher bits - confirm against current
# Microsoft documentation before rolling this out.
#--Disable the IPv6 protocol--
reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /t REG_DWORD /v DisabledComponents /d "0x00ffffff" /f
#--Restart the system for the change to take effect--
shutdown /r /t 15
#--Enable the IPv6 protocol--
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /f
启用 windows 自动登录
# Configures automatic sign-in through the Winlogon registry values.
# Security caveats:
# - DefaultPassword is written to the registry as plain text, so any account
#   that can read this key can read the password. "Password" below is a
#   placeholder. Where automatic sign-in is really needed, the Sysinternals
#   Autologon tool stores the credential as an LSA secret instead.
# - Anyone with physical access to the machine gets a session as the
#   configured account (Administrator here) with no credential prompt.
# - DisableCAD=1 removes the Ctrl+Alt+Delete step before sign-in.
# The paired DefaultDomainName / DefaultUserName commands are alternatives
# (domain account vs. local account); run only one of each pair, otherwise the
# second one overwrites the first.
#--No Ctrl+Alt+Delete needed at the sign-in screen--
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_DWORD /v DisableCAD /d "1" /f
#--Number of automatic sign-ins--
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_DWORD /v AutoLogonCount /d "99999999" /f
#--Enable automatic sign-in--
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v AutoAdminLogon /d "1" /f
#--Default domain name or computer name for sign-in--
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultDomainName /d "DESENPAST.COM" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultDomainName /d "Windows10" /f
#--Default domain user or local user for sign-in--
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultUserName /d "DESENPAST\Administrator" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultUserName /d ".\Administrator" /f
#--Password of the default sign-in user (stored in clear text)--
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v DefaultPassword /d "Password" /f
#--Hide the Administrator user on the sign-in screen--
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /t REG_DWORD /v Administrator /d "0" /f
关闭Windows Defender
# Turns off Windows Defender by policy and by setting service start types, and
# additionally disables the Windows Update services.
# Security caveats:
# - This removes malware protection, Security Center reporting and patching at
#   the same time. Apply it only on isolated lab or test systems, or where
#   another supported security product takes over.
# - The same registry writes are commonly made by malware to impair defences,
#   so EDR and SIEM rules often alert on them. Unexpected changes to these
#   values on a production host should be treated as a possible compromise.
# - NOTE(review): on current Windows 10/11 client builds the DisableAntiSpyware
#   policy is reported to be ignored and Tamper Protection blocks changes to
#   Defender settings; writes to some of these service keys may be denied -
#   confirm on the target build.
# Start values used below: 2 = automatic, 3 = manual, 4 = disabled.
#--Disable the Windows Defender service--
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /t REG_DWORD /v DisableAntiSpyware /d "0x00000001" /f
#--Restart the system for the change to take effect--
shutdown /r /t 15
#--Enable the Windows Defender service--
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /f
#--Set the related services to disabled (0x00000003 means manual)--
reg add "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /t REG_DWORD /v Start /d "0x00000004" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\WdNisSvc" /t REG_DWORD /v Start /d "0x00000004" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /t REG_DWORD /v Start /d "0x00000004" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /t REG_DWORD /v Start /d "0x00000004" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /t REG_DWORD /v Start /d "0x00000004" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SgrmBroker" /t REG_DWORD /v Start /d "0x00000004" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc" /t REG_DWORD /v Start /d "0x00000003" /f
#--Author's gripe about Microsoft--
# While the MpsSvc service is running, every program is sluggish to open, and some services show as running while programs report them as failing.
#--Addition: disable Windows Update--
reg add "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /t REG_DWORD /v Start /d "0x00000004" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /t REG_DWORD /v Start /d "0x00000004" /f
#--Restore Microsoft Store functionality (sets both services back to automatic)--
reg add "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /t REG_DWORD /v Start /d "0x00000002" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SgrmBroker" /t REG_DWORD /v Start /d "0x00000002" /f
#--Service names and display names--
# Sense                  Windows Defender Advanced Threat Protection Service
# WdNisSvc               Windows Defender Antivirus Network Inspection Service
# WinDefend              Windows Defender Antivirus Service
# SecurityHealthService  Windows Security Center service
# MpsSvc                 Windows Defender Firewall
# wscsvc                 Security Center
# SgrmBroker             System Guard Runtime Monitor Broker
# UsoSvc                 Update Orchestrator Service
# wuauserv               Windows Update
设置暂停更新的最长天数
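# Raises the maximum number of days Windows Update can be paused to 360.
# The Windows Update UX settings live under HKLM\SOFTWARE; the original path
# started with HKLM\SYSTEM\SOFTWARE, which only creates an unused key and
# leaves the pause limit unchanged.
# A long pause also postpones security patches, so keep the pause as short as
# the situation allows and resume updates afterwards.
#--Set the maximum update pause to 360 days--
reg add "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" /t REG_DWORD /v FlightSettingsMaxPauseDays /d "360" /f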
Windows 照片查看器
- 下载并导入Windows_Photo_Viewer.reg
- 在图片文件属性中更改“打开方式”
- 下拉列表中选择“Windows 照片查看器”
文章出自: 本站技术文章均为原创,版权归 "Desen往事 - 个人博客" 所有;部分图片来源于 Yandex ,转载本站文章请注明来源。
本文标题:Windows 注册表优化